PCI compliance after a breach – another point of view
Here's another way to look at the data in Verizon's 2011 Data Breach Investigations Report (PDF) about what fraction of their customers were found to be compliant with the requirements of the PCI DSS after a breach had occurred. I'm not sure which graph is more useful – this one or the one in yesterday's post. They each seem to tell a different story, and it's not clear to me which one is better. As in the first graph, the horizontal axis is the PCI DSS requirement and the vertical axis is the percentage of businesses found to be compliant after a breach.